1. Field of the Technology
The present disclosure relates to password authentication technology, and more particularly, to a password authentication system with enhanced security based on continuous authentication of a user password and a password authentication method.
2. Description of the Related Art
A password made up of an image (for example, an icon), also known as an image password, inputted from a user is difficult to steal even though a third party peeps at a password input situation of the user. Moreover, when a password is set using an image subjected to a shift value from an original password, it is more difficult for a third party to peep at, contributing to enhanced security.
The password to which the shift value is applied refers to, for example, a password a user inputs using an image subjected to a shift value from an image of an original password on a password input screen where a plurality of images is randomly arranged. When the shift value is shift right by 1 and shift up by 1, the user inputs, as a password, an image at a location after the image of the original password is shifted right by 1 and shifted up by 1, instead of the image of the original password. For authentication processing of the password inputted from the user, the shift value is inversely applied to obtain the original password, and then authentication processing is performed.
Here, the authentication method of the image password to which the shift value is applied improves security, but when a third party inputs passwords randomly, there is a probability that password authentication would succeed by accident. A third party may repeatedly attempt to input passwords continuously until authentication succeeds.
In a situation in which a plurality of passwords is set, when authentication succeeds for each password, services corresponding to each password for which authentication succeeded may be provided. In this case, when a third party attempts attacks such as by randomly entering passwords, there is a probability that the plurality of passwords would be leaked to the third party. Here, processing of the plurality of passwords is performed with the same importance. That is, when authentication succeeds for each password, corresponding services are provided. However, when there is a more important password among the plurality of passwords, there is a need for measures to provide greater security for the password with greater importance.